Revision as of 17:36, 23 February 2012

This page documents important default configuration differences for IPv4 features and protocols between Cisco NX-OS Software (Nexus 7000) and Cisco IOS Software (Catalyst 6500). The objective is to point out key differences to ensure success when installing a Nexus 7000 for the first time. Some of the differences stem from architectural differences, whereas others stem from which features are enabled by default and which must be configured manually.

Additional Resources:

The IOS/NX-OS Migration tool on cisco.com can be used to assist when converting a Cisco IOS Software configuration to a Cisco NX-OS Software configuration.

Initial System Setup (First Time Boot-up)

This section outlines the defaults that are applied to the configuration the first time the system boots up if the user chooses not to run the setup utility. Different features and parameters can be configured during the initial system startup if the user chooses to run the setup utility.

| Device Access (Security) | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| Secure Password Standard | Yes | No | The Secure Password Standard forces the user to select a secure combination of characters (lower and upper case) and numbers. |
| Terminal (SSH/TELNET) | SSHv2 | TELNET | Cisco NX-OS Software defaults to SSHv2 with a 1024 bit RSA key. The SSH key can be modified to a DSA/RSA key up to 2048 bits to increase security. |
| Local Authentication | admin user | Requires Additional Configuration | Cisco NX-OS Software prompts for an admin user password when the system is powered on for the first time, whereas Cisco IOS Software uses a VTY and Console password with an Enable Secret to secure access (All passwords in Cisco IOS Software have to be configured). |
| CoPP Policy | Enabled | No | Cisco NX-OS Software defaults to the strict CoPP policy, which is the most restrictive policy to protect the control plane (CPU). The strict CoPP policy is recommended for most environments. Cisco IOS Software requires the administrator to create a CoPP policy and apply it to the control-plane. |

| Interface Configuration | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| Port Type | Layer-3 | Layer-3 | Later versions of Cisco IOS Software define the port type as Layer-3, whereas earlier versions define the port type as Layer-2 by default. |
| Port State | Shutdown | Shutdown | Later versions of Cisco IOS Software shut down all of the ports, whereas earlier versions enabled them by default. |

| Console / VTY Parameters | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| Console Timeout | 30 (minutes) | 10 (minutes) | Later versions of the Cisco NX-OS Software have a 30 minute timeout enabled by default. The Cisco NX-OS console timeout value can be modified with the Console exec-timeout CLI command. |
| VTY Timeout (SSH/TELNET) | 30 (minutes) | 10 (minutes) | Later versions of the Cisco NX-OS Software have a 30 minute timeout enabled by default. The Cisco NX-OS VTY timeout value can be modified with the VTY exec-timeout CLI command. |

The Cisco NX-OS Software setup utility can be executed anytime using the setup command in EXEC user mode.

The port type is dependent on the module type. In Cisco NX-OS Software, the M1 series modules default to a layer-3 port type configuration and the F1 series modules default to a layer-2 port type configuration (F1 series modules only support layer-2 port types).

The Cisco NX-OS Software default port state can be modified after the system is initially configured with the global system default switchport command.

Early versions of Cisco NX-OS Software did not display the VTY interface in the running or startup configuration unless the default values were modified. Later versions display line vty in both the running and startup configurations.
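The device-access defaults above can be checked against a saved running configuration. The following is an added example, not part of the original page or of any Cisco tool; the sample configuration is constructed, and the command spellings it matches (feature telnet, no password strength-check, ssh key rsa <bits>, exec-timeout <minutes>) are assumed to appear in the running configuration in that form. A missing ssh key rsa line is treated as the 1024-bit default stated in the table.

```python
import re

# Constructed sample NX-OS running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
feature telnet
no password strength-check
line console
  exec-timeout 0
line vty
  exec-timeout 15
"""


def audit_device_access(config):
    """Return findings for settings weaker than the NX-OS device-access defaults."""
    findings = []
    section = None   # 'line console' or 'line vty' while inside that block
    ssh_bits = None  # stays None when the config has no 'ssh key rsa' line
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            # A top-level command closes any previous line block.
            section = line if line in ("line console", "line vty") else None
        if line == "feature telnet":
            findings.append("telnet: enabled (NX-OS default is SSHv2 only)")
        elif line == "no password strength-check":
            findings.append("password: secure password standard disabled")
        elif m := re.fullmatch(r"ssh key rsa (\d+)(?: force)?", line):
            ssh_bits = int(m.group(1))
        elif section and (m := re.fullmatch(r"exec-timeout (\d+)", line)):
            if int(m.group(1)) == 0:
                findings.append(f"{section}: exec-timeout 0 disables the idle timeout")
    # No explicit key size means the default 1024-bit RSA key is in use.
    bits = ssh_bits if ssh_bits is not None else 1024
    if bits < 2048:
        findings.append(f"ssh: RSA host key is {bits} bits (2048 available)")
    return findings


if __name__ == "__main__":
    for finding in audit_device_access(SAMPLE_CONFIG):
        print(finding)
```
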

Virtual Routing and Forwarding (VRF) Instances

This section outlines the default VRF instance configuration. The NX-OS has two VRF instances that are configured by default when the system is powered on for the first time. Additional VRF instances can be configured as required.

| VRF Instance Name | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| Default (Global) | All I/O Ports | All I/O Ports | The default VRF instance in Cisco NX-OS Software is equivalent to the global VRF instance in Cisco IOS Software. |
| Management | Supervisor mgmt0 port | N/A | Cisco NX-OS Software assigns the mgmt0 port(s) on the Supervisor(s) to the management VRF instance (This cannot be modified). |

| Configuration | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| CLI Placement | Under VRF hierarchy | Usually uses vrf option | Cisco NX-OS uses a more centric model when configuring protocols and features associated with VRF instances. For instance, protocols and features such as PIM and IP static routes are configured under the VRF context. Cisco IOS typically uses the vrf option to differentiate between non-default VRF instances. |

In Cisco NX-OS Software, VRF instances are associated with routing protocols under the routing protocol with the vrf command. This is similar for some protocols in the Cisco IOS Software (e.g. BGP, EIGRP) that use address families under the routing protocol configuration.

Interface Parameters

The Link Debounce feature is disabled by default in both Cisco NX-OS and IOS Software. However, when enabled, the default timers are different. Cisco NX-OS Software allows the user to specify a non-default timer using the time option.

| L2 Interfaces | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| Switchport Mode | Access | Dynamic Desirable | Cisco IOS Software doesn't default to switchport access mode. |
| Switchport Trunk Encapsulation | 802.1q | Negotiate | The Cisco NX-OS Software only supports 802.1q trunks; it cannot negotiate between ISL and 802.1q. |

These values do not indicate the total number of loopback interfaces that can be configured. Check the latest documentation to determine how many loopback interfaces are supported per chassis.

| Port-Channel Interfaces | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| Interface Range | 1-4096 | 1-256 | These values do not indicate the total number of port-channel interfaces that can be configured. Check the latest documentation to determine how many port-channel interfaces are supported per chassis. |
| Interface State | Operational | Admin. Down | This is the default interface state after the port-channel interface is initially created. |
| LACP Graceful-Convergence | Enabled | N/A | Applied per port-channel interface. This can be disabled in Cisco NX-OS Software using the no lacp graceful-convergence interface command (only recommended to disable this with non NX-OS LACP neighbors). |
| LACP Max-Bundle | 16 | 8 | - |
| LACP Suspend-Individual | Enabled/Disabled | N/A | Applied per port-channel interface. This can be disabled in Cisco NX-OS Software using the no lacp suspend-individual interface command. The feature is enabled by default on the Nexus 7000 platform. Other Nexus platforms (such as the 5000 series) have it disabled by default. This feature violates the LACP RFC. Disabling the feature is necessary for PXE boot scenarios where the booting software does not support LACP. |

| Tunnel Interfaces (GRE) | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| Bandwidth | 9 kbps | 100 kbps | The Cisco NX-OS Software tunnel interface bandwidth can be modified with the bandwidth <#> interface command. |
| Interface Range | 0-4095 | 0-2147483647 | These values do not indicate the total number of tunnel interfaces that can be configured. Check the latest documentation to determine how many tunnel interfaces are supported per chassis. |
| Interface State | Admin Down | Operational | This is the default interface state after the tunnel interface is initially created. |
| PMTU Discovery (Min MTU) | 64 Bytes | 92 Bytes | The Cisco NX-OS Software minimum MTU can be modified with the tunnel path-mtu-discovery min-mtu interface command. |
| Time-To-Live (TTL) | Disabled | 255 | The Cisco NX-OS Software tunnel TTL value can be modified with the tunnel ttl interface command. |

Additional Notes:

Tunnel interfaces are disabled by default in Cisco NX-OS Software. IP tunnel interfaces can be enabled with the feature tunnel command.

Switch Virtual Interfaces (SVIs) are disabled by default in Cisco NX-OS Software and cannot be configured until the feature interface-vlan command is configured.

Layer-2 Switching Features and Protocols

This section outlines some key differences related to layer-2 switching features and protocols, such as VLANs, VTP and STP.

Cisco NX-OS Software does not require a CLI command to enable Extended VLANs.

| | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| Reserved for Internal Use | 3968-4047,4094 | 1002-1118 | As of Cisco NX-OS 5.2(1) the reserved internal VLAN range was expanded to use 128 VLANs (3968-4094). In Cisco NX-OS 5.2(1), the global system vlan <#> reserve command can be configured to reserve a different range of VLANs. |

| MAC Table Aging Timer | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| Default Aging Timer | 1800 (seconds) | 300 (seconds) | The MAC address table aging-timer can be modified in Cisco NX-OS Software with the global mac address-table aging-time <0, 120-918000> command. A value of 0 disables the aging timer. |

| STP Protocol Default | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| Default STP | Rapid-PVST+ | PVST | The STP protocols are backwards compatible, but it is recommended to configure all switches in an L2 domain to use the same STP. |

| VTP Default | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| Mode | Disabled | Transparent | Cisco NX-OS Software drops all VTP packets by default (VTP can be configured for client, server or transparent mode). |

The Cisco NX-OS Software has a show ip dhcp relay address command that is useful for verifying what interfaces have DHCP-Relay's configured. Cisco IOS Software introduced the show ip helper-address command in later versions of the SX software release.

Layer-3 Unicast Routing Features and Protocols

This section outlines some of the default differences related to unicast routing protocols and routing functionality such as protocol redistribution.

| BGP | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| Address Families | All Disabled | All Enabled | Cisco NX-OS Software requires an address family to be configured per BGP neighbor (By default, all address families are disabled). |
| Auto-Summarization | Disabled | Disabled | Cisco NX-OS Software doesn't have the ability to enable auto-summarization. Later versions of the Cisco IOS Software disable auto-summarization by default (Earlier versions enable it by default). |
| Deterministic MED | Enabled | Disabled | Deterministic MED can be disabled in Cisco NX-OS Software using the bestpath med non-deterministic command under the BGP routing instance. |

OSPF requires unique link-state IDs when inserting routes into the OSPF database. When OSPF has to choose between two routes that have different masks (e.g. 192.168.1.0/24 and 192.168.1.0/32) but the same link-state ID (e.g. 192.168.1.0) and otherwise identical parameters (e.g. Advertising Router), Cisco NX-OS Software inserts the route with the longest match (/32) into the OSPF database, whereas Cisco IOS Software inserts the route with the shortest match (/24).

| | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| ECMP | 8 | 4 | - |
| LSA Group Pacing Timer | 10 (seconds) | 240 (seconds) | The LSA group pacing timer can be modified in Cisco NX-OS Software using the timers lsa-group-pacing <1-1800> OSPF command. |

The reference bandwidth can be modified in Cisco NX-OS Software with the auto-cost reference-bandwidth <1-4000000> command under the OSPF process.

| | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| SPF Throttle Timers (Delay/Hold/Max) | 200 / 1K / 5K (msecs) | 5K / 10K / 10K (msecs) | Both Cisco NX-OS and IOS Software have OSPF commands to modify these timers. |

| Redistribution (Protocol) | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| Direct Routes (Connected) | Disabled | Enabled | When redistributing routing protocols (e.g. OSPF into BGP or OSPF into EIGRP), directly connected routes within the source routing protocol (e.g. OSPF) are not redistributed into the target routing protocol by default in Cisco NX-OS Software. Cisco NX-OS Software requires the redistribute direct command under the target routing instance. |
| Route-Map Required | Yes | No (Optional) | Cisco NX-OS Software requires a route-map when redistributing routes between different routing protocols (e.g. OSPF to BGP) or different routing instances (e.g. OSPF 10 to OSPF 20). In Cisco NX-OS Software, a configured route-map without a prefix-list will redistribute all routes by default (permit). A prefix-list can be configured (not an ACL) to select specific routes for redistribution. |
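A migration pre-check for the two redistribution defaults described above, as an added example (not from the original page or from a Cisco tool): it scans a Cisco IOS configuration for redistribute statements that have no route-map and for routing processes that would also need redistribute direct on NX-OS. The sample configuration, function names and message strings are constructed for illustration.

```python
# Constructed Cisco IOS configuration excerpt (not from a real device).
IOS_SAMPLE = """\
router ospf 10
 redistribute bgp 65001 subnets
 redistribute eigrp 100 subnets route-map EIGRP-TO-OSPF
!
router bgp 65001
 redistribute ospf 10 match internal
"""

NEED_ROUTE_MAP = "NX-OS requires a route-map on this statement"
NEED_DIRECT = "connected routes of the source protocol are not redistributed by default"


def parse_redistribution(ios_config):
    """Map each 'router ...' process to the redistribute lines configured under it."""
    blocks, target = {}, None
    for raw in ios_config.splitlines():
        if raw.startswith("router "):
            target = raw.strip()
            blocks[target] = []
        elif raw[:1].isspace() and target:
            line = raw.strip()
            if line.startswith("redistribute "):
                blocks[target].append(line)
        else:
            target = None  # any other top-level line ends the router block
    return blocks


def redistribution_gaps(ios_config):
    """Return (target process, statement, reason) tuples to resolve before migrating."""
    gaps = []
    for target, lines in parse_redistribution(ios_config).items():
        for line in lines:
            if "route-map" not in line.split():
                gaps.append((target, line, NEED_ROUTE_MAP))
        sources = [line.split()[1] for line in lines]
        protocols = [s for s in sources if s not in ("connected", "static")]
        # IOS carries the source protocol's connected routes implicitly; NX-OS
        # needs an explicit 'redistribute direct' under the target instance.
        if protocols and "connected" not in sources:
            gaps.append((target, "redistribute direct", NEED_DIRECT))
    return gaps


if __name__ == "__main__":
    for target, statement, reason in redistribution_gaps(IOS_SAMPLE):
        print(f"{target}: {statement} -> {reason}")
```
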

The number of routing processes varies per Cisco IOS Software release. Earlier releases supported 32 processes per system. However, that has been modified to allow a much larger number of processes to support hundreds of VRF instances.

It is generally recommended to use the same reference-bandwidth value throughout an OSPF domain.

Multicast Features and Protocols

The following table outlines the default differences for multicast features and routing protocols.

| IGMP | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| IGMP (Query Interval) | 125 (seconds) | 60 (seconds) | The query interval can be configured per interface in Cisco NX-OS Software with the ip igmp query-interval <1-18000> command. |
| IGMP (Query Timeout) | 255 (seconds) | 120 (seconds) | The query timeout can be configured per interface in Cisco NX-OS Software with the ip igmp query-timeout <1-65535> command. |

SSM is configured for address range 232.0.0.0/8 in Cisco NX-OS Software by default (SSM can be disabled with the no ip pim ssm range 232.0.0.0/8 global command). SSM is disabled in Cisco IOS Software by default.

The Cisco NX-OS label range can be configured with the mpls label range <16-492286> global command.

| Multicast VPN (mVPN) | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| MDT MTU (Tunnel MTU in bytes) | 1376 | 1500 | The MDT MTU can be modified under a VRF context using the mdt mtu command in Cisco NX-OS Software. |

Additional Notes:

In Cisco NX-OS, the MPLS feature set needs to be installed in the default VDC (1) with the install feature-set mpls configuration command. The feature set has to be enabled per VDC using the feature-set mpls configuration command before the feature mpls <ldp | l3vpn | traffic-engineering> command(s) can be executed.

Prior to Cisco NX-OS Software 4.1(3), control plane packets generated by the CPU (e.g. HSRP, OSPF) are subject to egress ACL processing by default when an egress ACL is applied to an interface. Therefore, the egress ACL requires permit entries for the required CPU control plane packets. Cisco IOS Software permits CPU-generated control plane packets by default when an egress ACL is applied to an interface (CPU-generated control plane packets are not subject to egress ACL processing). In Cisco NX-OS Software release 4.1(3) and onward, the default behavior is the same as Cisco IOS Software.

Prior to Cisco NX-OS Software 4.1(3), the default can be modified to permit control plane packets originated from the CPU with the ip access-list match-local-traffic global command.

Cisco NX-OS Software hardware rate-limiter status and statistics can be verified using the show hardware rate-limiters command.

Cisco NX-OS Software Intrusion Detection System (IDS) packet check status and statistics can be verified using the show hardware forwarding ip verify command.

Quality of Service Features

This section contains default differences for Quality of Service (QoS) features.

| QoS (General) | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| Global Configuration | Enabled | Disabled | Cisco IOS Software requires the global mls qos command to enable QoS. |
| Interface Trust State | Trusted | Untrusted | In Cisco NX-OS Software, all CoS (L2) / DSCP (L3) / ToS (L3) markings are preserved (a QoS policy can be configured to rewrite the values). In Cisco IOS Software all ports are untrusted by default, so the CoS (L2) / DSCP (L3) / ToS (L3) markings are cleared by default when QoS is enabled. |

Additional Notes:

The Cisco IOS Software default QoS behavior can be modified with the no mls rewrite dscp global command to preserve the CoS/ToS/DSCP markings.

If the Cisco IOS Software is configured with the mls qos queuing-only command, the CoS/ToS/DSCP markings are preserved.

In Cisco NX-OS Software, control plane packets generated by the CPU are not subject to egress interface QoS processing even though QoS is enabled by default. In Cisco IOS Software, control plane packets generated by the CPU are subject to egress QoS policies when QoS is enabled with the global mls qos command.

Network Management Features and Protocols

This section contains default differences for network management features and protocols.

| NetFlow | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| Export Port (NDE) | UDP 9995 | None | In Cisco NX-OS Software, the destination UDP port for the NDE packet does not need to be specified (UDP 9995 is the default). However, a different UDP port can be specified with the flow exporter transport udp <1 - 65535> command. |
| Export Version | 5 | 1 | Both Cisco NX-OS and IOS support versions 5 and 9, which are the most commonly deployed. |

NetFlow Sampling is disabled by default in both Cisco NX-OS and IOS Software. However, when configuring packet-based sampling, the sample packet rates are different. Cisco NX-OS Software allows any value within the configurable range, whereas Cisco IOS Software requires packet increments 64, 128, 256 up to 8192 to be specified.

| | Cisco NX-OS | Cisco IOS | Notes |
| --- | --- | --- | --- |
| Timer (Active Aging) | 1800 (seconds) | 1920 (seconds) | - |
| Timer (Fast Aging) | 32 - 512 (seconds) | 32 | Fast Aging is disabled by default in both Cisco NX-OS and IOS Software. However, Cisco NX-OS requires a value when configuring it, whereas the Cisco IOS defaults to 32 seconds and supports a range between <1-128>. |

Cisco NX-OS Software automatically creates an SNMPv3 user account by default when a local user is created with the username command. The SNMP user account is displayed in the configuration with the snmp-server user global command. By default, the admin SNMP user account is configured.

Additional Notes:

NetFlow is disabled by default in Cisco NX-OS Software (NetFlow can be enabled with the global feature netflow command).